Created
March 4, 2015 22:47
-
-
Save jfwood/fdafc883fecdc599cbe0 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
container_type = json_data.get('type') | |
secret_refs = json_data.get('secret_refs') | |
if not secret_refs: | |
return json_data | |
secret_refs_names = set(secret_ref.get('name', '') | |
for secret_ref in secret_refs) | |
[woodster: I think this entire block of new code should move down to below #635, as I think duplicate secret names or secret UUIDs are more possible failures than the wrong host name...just deferring this processing to a bit later down the line then.] | |
# Ensure that our secret refs are valid relative to our config, no | |
# spoofing allowed! | |
[hockeynut: comments should start in same column as the code] | |
[woodster: These first two comment lines (#605 and 606) should move over 4 spaces.] | |
configured_host_href = CONF.host_href | |
for secret_ref in secret_refs: | |
if configured_host_href not in secret_ref: | |
# Houston, we have a problem! | |
[woodster: Yeah, as fun as this one is, probably better to get rid of line #610. :)] | |
raise exception.SecretRefValidationErrorException(field='secret_ref', | |
schema=schema_name, | |
reason=u._("Secret ref does" | |
[hockeynut: need space between "does and the final closing quote | |
also I think there should be underscore between secret and ref.] | |
"not match the" | |
[woodster: Please add 4 spaces to lines #614, 615 and 616.] | |
"configured hostname, please" | |
[hockeynut: need space between "the" and the closing quote] | |
"try again" | |
)) | |
self._assert_validity( | |
len(secret_refs_names) == len(secret_refs), | |
schema_name, | |
u._("Duplicate reference names are not allowed"), | |
"secret_refs") | |
# The combination of container_id and secret_id is expected to be | |
# primary key for container_secret so same secret id (ref) cannot be | |
# used within a container | |
secret_ids = set(self._get_secret_id_from_ref(secret_ref) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment